NIAP: View Technical Decision Details
TD0276:  X.509 Code Signing on TOE Updates

Issue Description

Requiring X.509v3 certificates for "code signing for TOE updates" cannot be met by products that execute on top of an OS and rely on the OS's update mechanism.

For FIA_X509_EXT.2.1, "authentication for code signing for TOE updates" is moved into the selection list and "integrity verification for TSF software and firmware" is removed. The SFR and application note are replaced with the following:

FIA_X509_EXT.2.1: The TSF shall [selection: use, interface with the Operational Environment to use] X.509v3 certificates as defined by RFC 5280 to support [selection: authentication for code signing for TOE updates, IPsec, TLS, HTTPS, SSH], and [selection: integrity verification for TSF protected data, [assignment: other uses], no additional uses].

Application Note: The ST author's selection of trusted communication channel is expected to match the selections in FTP_TRP.1.1 and FTP_ITC.1.1 (if FTP_ITC.1 is included in the ST). Certificates may optionally be used for integrity verification (FPT_TST_EXT.2) and other uses. "Authentication for code signing for TOE updates" is an objective requirement and will be mandatory in future PP versions.


This change makes OS based updates acceptable and makes the CAPP commensurate with other PPs in its allowances for signed updates.
